-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 17 Apr 2020 16:28:49 +0000 Source: tiff Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source Version: 4.0.8-2+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.0.8-2+deb9u5) stretch-security; urgency=high . * Backport security fixes: - CVE-2018-12900, heap-based buffer overflow in cpSeparateBufToContigBuf(), - CVE-2018-17000, NULL pointer dereference in _TIFFmemcmp(), - CVE-2018-17100, int32 overflow in multiply_ms(), - CVE-2018-19210, NULL pointer dereference in TIFFWriteDirectorySec(), - CVE-2019-14973, _TIFFCheckMalloc() and _TIFFCheckRealloc() mishandle Integer Overflow checks, - CVE-2019-17546, integer overflow that potentially causes a heap-based buffer overflow, - CVE-2019-7663, Invalid Address dereference in TIFFWriteDirectoryTagTransfer() . * Add required _TIFFCastUInt64ToSSize@LIBTIFF_4.0 and _TIFFMultiplySSize@LIBTIFF_4.0 symbols to the libtiff5 package. Checksums-Sha1: 550b7006c595e232b5bbfa25fc8a2e8fd6732c61 2185 tiff_4.0.8-2+deb9u5.dsc af57187285812ca3cb2633145bd640e6b8d2906b 37260 tiff_4.0.8-2+deb9u5.debian.tar.xz Checksums-Sha256: a782ae9a83645f53eab3cbe70b93f7fd3ec0c1c8efeb37513b8ea7ad77756c9c 2185 tiff_4.0.8-2+deb9u5.dsc 141a6cde7494b392b10c00692dd4d4090294d7d5678265e3344662c23c7c3089 37260 tiff_4.0.8-2+deb9u5.debian.tar.xz Files: f5786df2171cbd705b00a697006eb8fe 2185 libs optional tiff_4.0.8-2+deb9u5.dsc 219f43ad0334d6bb11699836b13e177a 37260 libs optional tiff_4.0.8-2+deb9u5.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl6puV8ACgkQ3OMQ54ZM yL/feRAArv/e+mDC7drymiipy8i53/bfz29YYb6+XiviAWuGxpLiHH75+ekr0ftf IiIkUS6K8oER6weYgubcz9xtTmwjEkVv0aC4Sb1brYQtRz72wi93o5gXmcCi/Lww Y47uMFVL6LfKLpxJbkABHlW0tzDVHQeMNcrvy10FLg0mL//BsDGQq8B0SvCwyPJg 1VyedJg1LXPLC9JPWA/Ahb2fjmrzP2dzbIChqpVqFQI/7RxUlXlVzcy6rqLjoRLL 17CXWzttOL5laGFdRKidiimKj9wFDi5rdJsaGZTLqqg8TqJSUSvQr9s6vANMB7oc Q+aK3x3g72W/jmCZraEyIKNcDFrMFF/mc6pArWnlvFDOnVNfT9A0A+gr7jWVYek4 V+QRarDeF1i5GhEPFvUFFUSG/K4R4jydnJGob7aNjlRh6oQCt6HPUgDQ0YsW9GMt px+Qdyx5OozlNx9WhrxoIxJYAdt6Dk+xU9SKXbhfoL47PMzwG9aswD2CoJYs+mFG 5vPTjOIIrFnTBRs9zzeyR0OIQYIb253BI2rSSSlXNsw1DiQBRX9JWBnCRSOlYfiT wm/iFnLkqeCXpf1rtG0K29yDo2CSumgF776M0kpAVjn0cP18VAOkklLHuIKNzzp1 3PeC/TouTD1VfkJWCI8NHREupvDY0ykQ3E34vteyyDsrDhdGBGI= =e7UE -----END PGP SIGNATURE-----